Win10 1Tb SSD: No TPM --> No BitLocker. How to Encrypt?

No TPM.  Win 10Pro Asus machine.  Drive is 1Tb SSD.  Lots of files.  BitLocker won't work as no TMP.  What would be the easiest and most robust way to encrypt my drive?  Focus on easy, please. :P :))
Who is Participating?
McKnifeConnect With a Mentor Commented:
There is no "as designed" bitlocker. The presence and usage of a TPM is just a proposal. It is the safest option, as well, but it makes no difference for backup, nor for recovery.
oaktreesAuthor Commented:
Hi McKnife!

Yeah, saw that aleready.  Seems like it may cause complications.  There's this line at the end of the article:

When your PC boots, you’ll have to either enter the password or insert the USB flash drive you provided. If you can’t provide the password or USB drive, BitLocker won’t be able to decrypt your drive and you won’t be able to boot into your Windows system and access your files.

What with Windows updates and/or Ghost recoverys, seems like, with that at the doorway, there'd be a lot of chance for one to get locked out of one's own system.

Anything more seamless?


Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

That is as seamless as it gets. The line at the end, what complications do you see? Sure, you lose that password, you have a problem, but that is why we have
A backups
B the recovery key printed and/or saved at a secure location.

Ghost recovery - totally different topic. If you are worried how to restore an image of an encrypted windows (bitlocked, or whatever encryption), please ask another question.
No disagreement with McKnife's good comments, but want to add to them.

I think you need to consider what is expected with Bitlocker or any other encryption.  If it can be accessed without anything unique (such as password or TPM), what will stop it from being accessed in another computer?  Without TPM, you can't count on your computer to have a unique signature that can't be forged.  The solution for that is to provide a password.  TPM effectively replaces the password as it provides unique keys.

What are you thinking will secure your system if you don't have TPM or a password?
oaktreesAuthor Commented:

Here's what I'm thinking: I automatically backup each day or so via Ghost or rather...Veritas, as Ghost was actually spun off from Norton - if you can believe that!  

So, running that Ghost copy each day, it's just an image.  Seems like there SHOULD be no problems, and Ghost/Veritas even says "If you've activated Bitlicker on the drive your recoveries will STILL Work."  Somehow, that seems to be for a as-designed Bitlocker.  I can see this workaround will run bitlocker on the drive.  Just worried that it will catch up if I need to recover from a Ghosted image.

In "theory" it should work.  But...

So, here's my next thought - a self-encrypted drive.  Should I post as a separate question?  Here's what I'm curious about.  If I'm using a self-encrypted drive, I'm good to go from the start.  Am I right?

Here's my goal: if I lose my notebook, don't want folks to be able to get past the Windows basic password and get to the files.
Self encrypting drives can be used, why not, if you already have one. But these can be problematic as well, see this thread
oaktreesAuthor Commented:
Yipes!  Scary on the SED.  Thanks again for all the help.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.